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Abstract ofEP0552392 

The method specified complements the challenge and response method for mutual 
authentication of a chip card (CHK) and of a terminal (T). A terminal-specific key 
(KC2, KT2) is calculated with the aid of identity characteristics (ID) for the terminal 
(T), the current application and the security module located in the terminal (T), a 
coding function (FCY, FTY) and the chip-card-specific key (KCl, KTl) prior to 
authenticity testing of the terminal (T). The identity characteristics (ID) are signalled 
visually and/or acoustically to the chip-card user after successful conclusion of the 
authenticity test. 
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Bedchreibvng 

Die Erfindurig beJriKt ein Veifahrfin fur gegensafti- 

nach der CtoilB^^^ (frra^ 
^AhivrortrVe^^ Oljiii^erwciise authemlzlert 

iich; ?uri5dh6t die Chlpkarte g^enptejr dem Tonnrunal 
pie CH^rta ,di)d^ 

mer zwTi tetmtei: OiasiBS berechnat fiios der Ghiptcar* 
imidertllt^iiriU elnon erstpn TenrninalschlflM^ 
derbai.Vawel^ 

aigpfithmen, rnit eriem eMBn ih der (Mpkait^ Q^sp^^ 

cherteri ChlpkajtenschiOssel 

das Terminal eine\er&te ZutaUszahi. i^ertragl sie zur 

Ghipharte urtd d^s Term|r^ verschlO^tt die arste Zu- 

faji^zahl eber^b wta da Chipk^rta. Als: VarschlOss^- 

iungsergebnisMiegt 6py^^ der Chipkatte a|^ ^Vch.i|[P 

Terminal ein erstar /iherkennjurigsparaf^ 

baidari Anerkehnuhg^paramai^ Termirial 

vergJtehen. Bel pc^iUvem yargleichcdrgctonio 

Q^pkarta authantisch. 

Zuir Atirth^5nlifa<alibn das Ternihals gagehOber dar 
eh!f)Jtarte Rndei dafobah baschriebwo Vbri^g mR ve^^ 

ilcarintG ersia §diipsse1 wfrd zur faalclarseiiigan Varr 
£ch!Osseiiiig^^ vori dar Chlpterld g^^^ 
tetlizah! vve^ Dja d^bei eni^ah 

Anarltwny^^ lr>d8r<^l[^kaftevwg 

mihal auth^tfc^ (EP-iA^^ 

bii^Chipteirta er^ 
, c^tte Ta^^ aiitheritlsch 

>W8l<^es vpn )^le^^ '13'^dalL 

^ liSes^s Infonri^ turn BeiisptsI 
diirfehdas^^Q^^^ 

teha bdseitfgl^w^ tann ebia scicha Irijixrrta- 

>zar arhalt entwed^ niir^elhesubjaidiya li^ 

Jpiaiifc^^^ 

r«ar:^ipiffl:rta 2u ;0f^ ;urtd:ifarp^ 
Etwiutzier^ f u^^ebah; sic^ 
bbjekttyyohder^^^^ 
^gwV' ' ^ 

;Diese Ayfgab^ 
Patenlan^r^ 

;QemlB dern' bn^; angegibenen 
Verfia^ir^ wird cfe- bzw. werdan die WarUHatekoihngro- 



Oerv die dam Terrtwal T zugeordnal gegeh- 

^ciUgon AuthohtfnNtichdprozpB gamdQ ^pr Ghallcmgp^ 

and Rasppns^Mat^^ .yiiird nicht 

riur ein chiptertenspatifisc^^ 

spndem di^cir chipkanenspffi^s^^^ 

Ganenerungjaihasz^^^^ 

iinsehen $(^I0s&6ls vetfw pamHjfet eba^^^ 

ge imd sii^ara Idaiitifll^^ foktusKm ebiar 

tion aOer Elemante dei Ternrilh^als^ge^ 

kanngrdfltenBasten^ 

Idanptd^kenngrdad aind 

Qb^remstf mmen der ersten imd der;^^ 
artcarmungspamm^^^ wisrdeh die darn Terrnihat zuge* 
orcfriatan IdernitaUkdohgroBan und/oder ekia diase 
IdWiUl^tsikB^ingrdBeh repiiisantiarend^ Iritbimatton op- 
tiscK uncUc^ar akusUsE^ angazaigt. ble5a>ArueJge er*. 
foigt auf ainar /^zaigeehhek,,0^^^ 
kaiih atn iaubpreb Oder 
ahnltchesisein. 

Durch oina «oteho Anzatga kann aici^ der <^^^ 
teribanutter safbsl d|ayi:m da3 das fe?^ 

wederrnahiputiart hOHCh aim^ EHaichiaft virifildisis 
dem Benutzer (term, wann die die tdanlit^tskermgropert 
reprSsaritiprande Inform elndaiitig 
der Oder deri IdkithStskenngifoBen zugebrb^ Dia 
yertrauehsvwrdi 
zeigaipf danOhJp)^ 

: Oamao^inar 
muB <^as Werderi. Dies6 

Quftitahing a^ ehen Taslen^ 

dhjck Oder dw ^Ikiff ifner lan^n Ze'rt, 

danriap. ainar 

. irfitidufiQ^ fati:^^ intejirierti; . 

dassen Slt^ieitieiial^ gemeinsarh rnft 

eihar Terrhirfedider^^^ 
tra^n wird. Dla>^ betdah IdehiitStskbiy^^ 
ciiie;dem Taring . . 

Chiplcarf eailiatt iauthen* 
tisdhe. intdr^ 
aktuBttlmTe 

Garnab ainer wbUgibii Wette^^ der Erffiidung 
Vi^gaf^ 
jdentitliakamigi^ 
:gr<^e iur'C^ Obertragah; pte 
Qe;wifd atso/m^^ 

Irn Iferrrtna! jaufend^} 
n^dar Ct^l^h^ 

(Sairisiirldhe^^ 

staliiing dar CriRwiu^^^ Ufc«irtra- 

gung 6zw. der: Etng^e afner P^r&oite^ikennfi^^^ aus 

bzwriindasTerrnlr^^ 

niinafeyQihlncie^ 

wiri aifiBrt natih AraaigaOc^^^^ 

und/ddbp der diasa IdentitStskeiingffiB^ 

rj^ein Informatlpn^^v^ 

von Sahen das Ternrfnals itszur Faststalliihg^^^ AU-: 
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th^entUitSl durc^^ ^^^^^^^ 

termini riit^t al^ivieH Weridianl Eiii^B AniEOigb rnm^U^ 
naiter ir^Ofhiatip^ Isl somft wirt^am yeihlndori 

Tenrurtal auKite zWist^ien 

konrigrdOeiii eirie Sdss tdenthSiskbhngrdBen 

tatigungtleraufc^ 

Tastatur quintdm purch dfes^^^^ und Ws}- 

terbfliiyngi dw <3rund der rSumichen 

Trertnij^ vofi Chipkart^ urtdTeirminal oih zu* 

^uncrtiM^ S<^utr v6r etne^ 

he| de^ Termiha!si;eff Das GJ^toiente^ 
Kanhiu5atzBch;v<;^ 

sjcri im^hi^^g >^ TaMhal S9tbst gogetnOber d^ 
*^C^ipkarte zu £t Durch die^e ziisa^ 

M6^)btikb{i; vuiid dplrtlich, cia0 daa CMiti))«artbnteiTr)in^ al^ 
cherholliE^echnl^ 6mChp\iiriptu^^i^nBX 
fet: Das Chfpj^entei^ ailem ate yer- 

trau^nsv^rdJg^ siimMsleilayi^^ und 

fet bjaijain®' Intsgral*^ ddr f uhM^sn des Chjpkart&tvf 
fefiTiiinais fen Termtnal nw n^^^^^ 

Qofi^ ein weiiar^n W^rjt}|idurig - und Aus^ga* 
?rti^imgder;Eif^ 

th^ti^katldv^^^ ^ Ctttpic^d dea Teriininkf6 efiia 
duirchgelij^rt^ 

kft dew;: /fce^ojBihh elt W^rbnd db^ Vorf^ 

g^rjst^Uj^^ 

/^sjauj^getv^^m : ' ■ ' ' ' ^ 

;dungan;8lri^^^ 

im jpi^Efiide^n^^^^ ^afehmihg 

RG;i ; >Uilau|dtagrar^ 

ma 2 dm© schohfiat^^ 

nes^enUalrBchne^^^ 

FIO 3 eiri© Ancrdnung gemSe 

kait emerrntn^^im etiisi REx^nerstattgnin ^^^e 



|m fo|gsnd,en::Ausffihrungsb8ispi9l ^yrfid tis^ aiHty 
durig^ern&e^ eis .in Figur; 1 ;CfergestWlIt • 

(sV-^^^t^riab^ri Ats Kornmynikati^^ 
daib^ alri Teiirnlri aj T ur^J e)^ Ohfpl^na QHK vei>ve^^ 
5 DasTeiminaJTwrit^^ 

hatb dei^ Chipkarte bhUC Sbk:ihr. Einhelten a 
spleIsweiset.eOT/.Ch CICT; ew Zariu^ 

rechnarHljSTielrte 

Dai GHlpfefteateri^^ 
soy^W :zwi5chen ChSil<arte CHK= und Zeritriilfecfih er 
HOStalsauct^ 

tehbehutzdn inri-GhfjakartBhteffiiM GKt fi^ eirm An* 
Migeemhett X^BP urxJ ©in Eirig^betastonbl^k TAS ih- 
^5 tegrierl 

In R^r 2 fet C^^^ QKt ema E|n- 

zeiefrilifiOt diaCHDW das^Leto niit dairn Zen^ 

Ualre^hner HpST yeibunden ilst. In F^ur 3 kann das 
Chfpharj^iefm Eihzeiajnhert, ate 

M Gffie Eirihai! sehVdiia gembiriisa^ deif Rech- 
nersteUon CPU Im TerniBial T: ihtegriBrt i^. 

In v\^ai6ber fSumllchen FoiTn Ch^^ixaXonxot0nB[ 
CKT aucin irruTior. VorU^ widit^ jor.das omd^m^^j^ 
. mao© Verfahren fel d^^ 

ss der frp ChspKartent 

teni nairyit^ dar Arie^^iB^ berta- 
■statur?TAS.= =..■'.■ ' ^ 

^ sctiFQn V 

Tn|B©vy^jitahra^ 

sisn d FfelttlonOT ii^^d^^ 

..g©pa!Q^^w6&^ 

.dja- Virfil^^ .- ; " 

40 Vflffahr^ra^ 
ddifSisb^ 

:gpbt aln cjh^ 

■ ■■•Jgep'T^«tfi^te^^ 

■ gfiiaJaHeii^piS :P©f8o- ■ . 

■ ■■■ toir^lbHk'Qb'b 

, Obertrigi: dtetC^^ 

eihernim Teftnli^^ 

n!?^A!g?^?m^ 
s$ eheichrtetV Sies^f arste Ibm^nS^tiiBBei Ktl ent* 
sprfchtdam.lrid^^ 
tjfiipkartwa^^ 

Imfemitirtal tW^^ Hene- 



s 



EP0S52 392B1 



fifirt und:2urChipfefts CHK Ob^^^ 

CWpkarle GHK afe jrn feimbialT werdeh rturt erste 

Saiiwitder-CJtipkart geahiaht dies 
erslen ZUiailszahi VV s 
kCi ur^ ciner erstian Chlfilcari Die erste 

CbipKdrtehlMhkUbrt FpX enl3pf|cN' eirier erstcn tomi|- 

Pa^TsrniMterrech 
'erkenningsparamsief niilHilfe cie r ersten ZiiaUs- io 
zahl yi, ;cf^:ef^ien Term^ 

st^ TerTrtrmliunldton Oervon der ehjptetrt^ CHK 

efrechheie erste Ghfpkarteriarieiiehnuhgsp^^ 

APG1 w^rti 2um Tenriinal T Obe^ 

er5ten Termlnalajner^ APri VQp^y ts 

Chen/ BeJ negaflVBm VergleitSser^ wird das Vor- 

(ahren abgebibcHen^da darin di& CWpkarte CHKnicht 

autheriti^ist 

Bevof nun auch die Authentizftit cfes 
gag^ubar dei Ch^UatteCHK Otferprfllt 30 
die Chlpjcarte CHK e^eh zw^len ChipKartenisditpsset 
KC2 und das Tenminal t einar zweiteii Tefrnifr>i?lsbh(6s^ 
eel ktii in der Chlpl^arte CHK eiiotgt dieis rik(^ Ob^^ 
tWgen vort dism terminal T iugdprdneten Idenjitas- 
ksnrig|roSen ID^an dib Ghipkarto CHK^ Dm Chlpkafte 25 
GHK bifciet aiis. dep ldentii|iUkerif)girp0^ri 10 lind dem 
emte^ X|h*^l^eru|ch| rrtit Httle einer zweHeh 

C^J|}[cariefij|unKtjo^ den awelien Ch^ii3rtens<^ 
sal KG?; Das tarnriin^ff t M\ssrs$^o Iderfti^tsr 

keringroQeil lp^# ; 
elnerz^flSlcn Te^ 

lii^ddie zV^e 

Die Clem Tdjirnlnal T •zugwdneten 
graven IDs ind e'ine'Sld^eHsl^ SiO, '-^s 

<if>n g^eniftats^n 
iStskenrrgrfij^e sib^b^ 
= Sic^Sertieftsirrt^ 

;b02ftehjrt3t eW # 

bezeteMat ; idie Anweni&^^ 

;eir^eijtig eirie ti'G»^tfr^fit|^^ 

dUng.;DieTOi9hert^ 

GHK und}ifrn i(E^^ 

wenn die Ariw^ru^ 

'Wenn eineA^i^^r^dun^^ 

fbj^: .'■ : ' _ ' ' A-.''^::: ■ . 

imGbd&^^ijifl^^ 
Zur AulKc^tiji(^ 
Chipi^rte cm eifieugi'^ 

mjnatfuriktiOT 
ijfndder2vifoHeh:&^ 



arwrHennungspararneterAPti urid^u^ 
C^lpkarfe CHK; biis Chipkarte erriejchrwt aiii cfem^^^^ 
lenChfptQhenschiassej^ 
urid e^er d^tten.cihip^ 

Chlpld^enaaerkerwung^^ Die iwaiten 

AneHtennunigsparar^ der Chtpkarle 

CHK VcrgllchOT. Bp! p<«^iyam Vprgipltiusprgpbnfe^^ 
dmdijii^^ 

ziiti Temnkial f Sbertrag lind rmi Hilfe der Aazeigeein-. 

heltpiSRdeqTofrnirwtfs T 

iolg^inpoirnf^inartf^^^ 

tierenctsn Ihfbrmat'ton. Oictserlntormmiari - ijilB. elrt ba- 

$t^rrit6s Wdi - feVeiiTicieutig't^^^^ 

Sfc^hertieftsidenrttttltske $iprT9Mnatidemh§ts- 

Kenngr6Qe jio und Anwendur)gsb&nu^ 

AID zugoordnet ErKenntder Ct^kaileh^^^ di^ases 

Wprtal^ rit^itig aa dar^ri IstfOrm^ 

authentisch. 

Die Bekahf^tgabe des Erg^e^^ 
latsprOfung ka^^ ^iidh uiimiKetoar die 

C^}p};£^ ypraussetzung ct^^^ daO 

dia'dh^karte Cto^ CJiSiP, wie iB. 

Leu^tc)ibdeh;:e!nen akiistisch'^ Sig^lg^ar^.der beK 
spfeisvyetser^tjBst^^ Tdiito^en atS?juget^ri yem^ 
ixJer eine R5ssl^r|8teQ 

iM'rtderi^tf^^ 
ptlsentjafenden tntomiattori; v^rd: d^; 
ChSP if^exier ^ 
gegebeh/lst5§[n^»;puittl^ 
keringroQiflrt tb 

hcn.dam) iife jp^lg^o der^ 
.erst'rr^tfie^^^ 



Nte^nepriich^r 

li, Vitrtahreo tuf ^e^^^ 

^^Sn^ksirii^ und mnes ■ tehhfr^alSv mltteisVibJj^er^^ 
vSiSi^fie:' " ' ■'■ 

kartenidfi^^ 

/nalfry,'" . ■■■ 

- &s;teT^^ 
identWiic^bidrj^fi 

> : :cjie::ii^|FiSarte 

;{KCi)b3^^^^ 

ersteh Chip!^^^^ 

kartenaneiSenaiwfi^^ 
hen ersten TerirrUriaiiaeif^^ 

; - die Chipii^B (CjfflQ Obiertjf4s^ JO^*- 

Tefmlnar (^^^^ ^terken- 
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nungspafdmetcr (APCl.ARtl): madtnahdpr «io<iurch geker»n»ichne^^^^ 

vergntiienCwerden. ^^eir angezeigien IdeiitliiskenngnSOen (jO) 

- <?as'T«n"nW (T) P und^dder dor- die IderitSsiskerrfigreto* (id) 
glelchsergebnis rn&^des*im termmal reprasentierendsn Informaltoa quttUertjarM: 
(T) zugobhirtfitk^^c^ 

- cfe PWptert?;(PHK).bzw.. <^ie;bBidernvor;et^ 
rechnel?aus-dem^^^e^^^^ fdwtifikato 

[KCl) taw.au5demersienTeTO^ ti^nnihai (tj^elne vbn^^^^^ 

(PI) und€ter Identas^ iQ <fes TeWm p ihisbesoridsr^ bi 'dh^^ 

einerzwrejten GhipkafterdiEnkii^^^ (TAS) einest dhipJe^ehtartTilngls XOKT), air^agb- 

neirzWaftflh temiinalfunkilOT [Fjy) elriAi zwel- bisne Person^nkenmshri^^^ 

ten Terminatsc^ (fcTZ) 

• die- i;Hiplafte {Ci^j bzw. das Terminal (t),bo- dadurcli gek^nnxelchnet, da3 mjt der Ober- 

riwhnsl aus dem zweRen-Ch^ Uagurig bzw. cter 

(Kpig l)2w^ aus dem zwerten ternninalst^IQsso; zi^l (PIN) JegSche Ahzoig©:^^ 

(KT?) imd ecnier rweften Ztrfiaiisza hi (\^) rrirt Hi»- {Oisi^) auf Seften des Terrnlnals fl), , liisbeson- 

fo «h^r drhten.CWpteirter^^^^ (pdz) bzw. deiro dee Chij>ltajlohtp^ {CKt)» vemlndert 

^inef dritjen TeriTimatfun {FTiZ} eirwri zweh 2« und daS hach AhzoiSfi der Idehniiiskemi- 

ten Ch^jcarteiiafjemenfiiun ■ g^Ben ^b) und^oder dar dfe^^ 

(/«?Qg bzw. eifien zweiten #'aflen:(ip) liapffisOT^^^^ 

nunc^pammQ\Bt{A^2) Verhirideihmg der Ari^^^ 

> da5Term&ial{ll;0be^ rriinalsCt) aufgehoberi vvird, 

rSabnerfenrtimgspMWeV^^ 2S 

kaftis (CHK). 3^^^^ Verfahreh Afispruc^^ 5^ 

vergjic^ienwerdOT^^u^^ ; der ang^zeilgtW^^^ 

r beilite^feln^^ iirxl/bder deir dle^l^ 

;^ ^^niierenden^^ 1^^^ 

AF^ywerdendte AnzaigeayfSeitehdesf^ 

tart; Identftfi^^ i^ CWpiorieinte 

■^jifi^i-ldentilfil^^ V;;-.^; ■ 

re^e jnfoimmj^^ und/cder akustisch 7, Vorfahreh nacH efrwm derArarhergcihWtdsii Ahspi^ 

vtittHflfe^lfWfAiOT ^ xiij\dadufch ^ek$ 

■•\.k--^ '.''''': ;^ ■ : rrih Oirmr^:^ 

djaiclufch g^^ Ch^katrtejiitt^^ 

veinas i^g^^ Vbirfahr^i na)&^^ 

: ; dwtefTtflrajide^^^^ 

>lBr^d8ri IrifdiT^^ GHlpka^t^^;(GHig^^ 

3ei) (ip) rep^ 
derirf^^ 
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cl$n uhtif dad did Anzei^ durch efne benutzer* 
seitlgeBei^tigung einej^^^ 
mif^i (GKTl iirtg^^ 
tielrtwird. 

ip, Vprfariren oach i^rmm iijaf bjs 9, 

dadurieh gekehnoEof ehrie^^^ jcEai3rypr 
sehisen AlilhehtaikalW (OHJ^O wd 



Clalirna 

1. Method tor mi^uaj ai'thenll^tion of a ctijp card and 
a teirnaiaibyrnearw 

- th^ ctijp card t(ans^ teast oia ch'p ca^ 
idehtifbaUon number (GID) to m^tomitnal (T) 

- th6 terminal (T) determines frbm the dilp card 
tde mifaratlon riiimber (CIO) a first terminal code 
(KT1) 

> the c*ilp card {CHk):Of the teiminal (T) talcih 
tates from a first chipcard cod^ 
tefrninal code {KTljai^ 
(Vi) wfth the a^ ot a^^fi^^^ 
(reXK^ a^tirst-tem^ 

Of a first Idirimdl ac^rwawtedgement paramBtsr 
(/mi) ' - V ; 

* the ic^ip card (CHI^^^ 
apknpvirtedgafi^ 
ri^iiiai fl), 

pai^ekjaf (J^CIi AP1^1 1 0m 
■■ ,eadl6]ther. 
; . . bfi bie case c^ a 
lerrrrfnal (Ij) 
, acJei^ic (Ipi ass|^^^ 

* fini cHli) car^ or: the terminal (T) <alcu- 
tetasfrcftniw^ 

characierkic ilO) wth tha.a^ 0i a $erond 
|?a?d f uriHcrtictfi luac- 
ion (FtV) a sawnd chip caix^ i^?de;(K62) or^a 
-^ecXHTidtefminafcbde (H^.-; ' ' " - " 

': * : ma:dtip:^afd/(^^^ 
tetestrwrn theae^ 

: ch^ eart^ 
^ors (Fl2)Sa se^ 
ment fwi^^^ 
ac^qWladg 

* ttieiefmi^arj^^^^^^^ 

actoroWledgemfl^ jiafameter {APT2) lb tfte 
ch^icifd (GHI^^^^^^^ the tw se^ 
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kTOvirtedgemerit para 
' compared^^y^ 
- ifthe^j^tandthesecd^ 

ramalers (APCi , APT1, APdi APT2) rratch, 
the identity chamct^r^tics 
ienpinal ni and/pr an informal repire* 
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Description 

The invention relates to a method for mutual 
authentication of a chip card and a terminal by means of 
5 the challenge and response method. Usually, the chip 
card initially authenticates itself with respect to the 
terminal- The chip card transmits its chip card identity 
number to the terminal. The latter calculates from the 
chip card identity number a first terminal code, which 

10 is identical to a first chip card code stored in the 
chip card if symmetric cryptographic algorithms are 
used. The terminal then generates a first random number, 
transmits it to the chip card and the terminal encodes 
the first random number in just the same way as the chip 

15 card. As the result of the encoding, a first 
acknowledgement parameter is present both in the chip 
card and in the terminal. These two acknowledgement 
parameters are compared in the terminal. In the case of 
a positive comparison result, the chip card is authentic 

20 For the authentication of the terminal with 

respect to the chip card, the procedure described above 
takes place with the roles reversed. The first code, 
already known to both parties, is used for the encoding 
on both sides of a random number generated by the chip 

25 card. The second acknowledgement parameters produced as 
a result are compared in the chip card. In the case of a 
positive comparison result, the terminal is also authen- 
tic (EP-A-0 388 700 and IT Inf ormationstechnik. Vol. 32, 
No. 1, February 1990, Munich, pages 64 - 67, 

30 XP000095908, G. Kunde, D. Kruse ' Der neue Flughafen 
Munchen - Sicherheit durch Chipkarten' [The new Munich 
airport - security through chip cards]). 

The chip card consequently does indeed obtain 
certainty as to whether the terminal to which it is 

35 connected is authentic. However, the chip card does not 
obtain any knowledge as to which of many possible ter- 
minals it is. Although this lack of information could be 
overcome, for example, by transmitting a terminal number 
to the chip card, such information transmission may 
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compromise security, for example by disclosing the 
identity characteristic to third parties. The user of 
the chip card cannot convince himself of the 
authenticity of the terminal, since the user obtains 
5 either no information or only subjective information 
that the authenticity check has proceeded successfully. 

The object underlying the present invention is 
to permit a reliable identification of all security- 
relevant elements of a terminal with respect to a chip 

10 card and, in addition, to give the user of the chip card 
the possibility of convincing himself objectively of the 
authenticity of the terminal. 

This object is achieved according to the inven- 
tion by the features specified in Patent Claim 1. 

15 According to the method specified in Patent 

Claim 1, the identity characteristic or characteristics 
which are assigned to the terminal T are included in the 
mutual authentication process based on the challenge and 
response method. Not only is a chip-card-specific code 

20 used, but this chip-card-specific code is used for 
generating a second terminal-specific and chip-card- 
specific code. This ensures a unique and reliable 
identification, inclusive of an authentication of all 
the elements of the terminal whose characteristics are a 

25 component part of the identity characteristic 
transmitted to the chip card. 

If the first and the second acknowledgement 
parameters match, the identity characteristics assigned 
to the terminal and/or an information item representing 

30 these identity characteristics is indicated optically 
and/or acoustically. This indication takes place on an 
indicating unit. This indicating unit may be a loud- 
speaker, a liquid-crystal display or the like. 

By such an indication, the chip card user can 

35 convince himself that the terminal has been neither 
manipulated nor simulated. This is made easier for the 
user if the information item representing the identity 
characteristics is a word which is uniquely assigned to 
the identity characteristic or characteristics. The 
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trustworthiness of the terminal is demonstrated for the 
chip card user by the indication. 

According to a further development of the inven- 
tion, the result indicated must be acknowledged. This 
5 acknowledgement takes place, for example, by pressing a 
key or by the elapse of an adequate long time. 

According to a refinement and development of the 
invention, in the terminal there is integrated a 
security module, the security identity characteristic of 

10 which is transmitted together with a terminal identity 
characteristic to the chip card. These two identity 
characteristics form the identity characteristic 
assigned to the terminal. The chip card consequently 
also obtains safeguarded and authentic information on 

15 which security module is currently integrated in the 
terminal . 

According to a further development of the inven- 
tion, an application identity characteristic is trans- 
mitted together with the identity characteristic, 

20 assigned to the terminal, to the chip card. The identity 
characteristic is thus extended by an application iden- 
tity characteristic. Consequently, it is also possible 
for the chip card to identify uniquely the application 
running in the terminal in conjunction with the chip 

25 card and check its authenticity. 

According to a further development and 
refinement of the invention, from the point in time of 
the transmission or the entry of a personal 
identification number from or into the terminal, any 

30 indication on the terminal side is prevented. This 
prevention of any indication is not lifted again until 
after indication of the identity characteristics and/or 
of the information item representing these identity 
characteristics. Consequently, until authenticity has 

35 been established by the chip card, the indicating unit 
of the teminal cannot be activated from the terminal 
side. An indication of manipulated information is thus 
effectively prevented. 

According to a further refinement and 
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development of the invention, the data to be exchanged 
between chip card and terminal are passed via a chip 
card terminal arranged between chip card and terminal. 
The identity characteristics assigned to the terminal 
5 and/or an information item representing these identity 
characteristics is [sic] indicated with the aid of the 
indicating unit arranged on the chip card terminal. This 
indication is acknowledged by an actuation on the user 
side of the keyboard arranged on the chip card terminal, 

10 By this refinement and development of the invention, 
additional protection against manipulation of the 
indicating unit of the terminal is achieved on account 
of the spatial separation of the chip card terminal and 
the terminal. The chip card terminal can be additionally 

15 requested by the chip card to authenticate itself with 
respect to the chip card independently of the terminal 
itself. This additional possibility makes it clear that, 
seen in terms of security technology, the chip card 
terminal is assigned to the chip card. In this case, the 

20 chip card terminal acts in particular as a trustworthy 
interface between the chip card and the chip card user. 
The same trustworthiness can be achieved only with great 
effort if the functions of the chip card terminal are 
integrated in the terminal. 

25 According to a further development and refine- 

ment of the invention, a check of the entered personal 
identification number is carried out before each mutual 
authentication of the chip card and the terminal. This 
ensures that an indication on the indicating unit is 

30 always prevented during the procedure for the mutual 
authentication of chip card and terminal, even if the 
chip card is suitable for a plurality of different 
applications. It does admittedly follow from this that a 
global check of the personal identification number for a 

35 plurality of applications is not possible. However, this 
disadvantage is more than offset by the gain in 
security. 

Further advantageous refinements and 

developments are specified in further subclaims. The 
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invention we [sic] explained in more detail below with 
reference to the drawing, in which: 

FIG Ishows the flow chart according to the invention 

based on the challenge and response method, 
5 FIG 2shows a diagrammatically represented arrangement of 

a chip card, of a chip card terminal and of a 

central computer, and 
FIG Sshows an arrangement according to FIG 2, in which 

the chip card terminal is integrated with a 
10 computer station in a terminal. 

In the following exemplary embodiment, the 
method according to the invention, as represented in 
Figure 1, is described. Used in this case as 
communication partners are a terminal T and a chip 
15 card CHK. The terminal T in this case comprises all the 
units outside the chip card CHK. Such units are, for 
example, a chip card terminal CKT, a central 
computer HOST, a computer station CPU, and line 
systems L. 

20 The chip card terminal CKT forms the interface 

both between the chip card CHK and the central com- 
puter HOST and between the chip card CHK and the chip 
card user. Integrated in the chip card terminal CKT are 
an indicating unit DISP and an entry key block TAS. 

25 In Figure 2, the chip card terminal CKT is a 

single unit, which is connected via the line system L to 
the central computer HOST. In Figure 3, the chip card 
terminal CKT may be both a single unit and a unit which 
is integrated together with the computer station CPU in 

30 the terminal T. 

Whichever physical form the chip card ter- 
minal CKT takes - what is important for the method 
according to the invention is the absolute trustworthi- 
ness of the units implemented in the chip card ter- 

35 minal CKT, namely the indicating unit DISP DISP [sic] 
and the keyboard TAS. 

The exemplary embodiment describes the challenge 
and response method using symmetric cryptographic 
algoritlims. However, the method according to the inven- 
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tion can. similarly be carried out with asymmetrical 
cryptographic algorithms. All that is necessary for this 
purpose is for the functions used and the codes used to 
be adapted to corresponding to the requirements of the 
5 asymmetric cryptographic method. 

In Figure 1, entered to the left of a dash- 
dotted line are the method steps which take place in the 
chip card CHK, represented to the right of the dash- 
dotted line are the method steps which take place in the 

10 terminal T, and there in particular in a security 
module. After connecting the chip card CHK to the 
terminal T, a chip card user enters a personal 
identification number PIN with the aid of the keypad TAS 
of the terminal. After this entry, any indication on the 

15 indicating unit DISP of the terminal T is prevented. The 
personal identification number PIN is transmitted to the 
chip card CHK for comparison purposes. In the case of a 
positive comparison result, the chip card CHK transmits 
its chip card identity number CID and an application 

20 command ADF, identifying the desired application, to the 
terminal T. In the terminal T, a first terminal code KTl 
is calculated with the aid of the data received, a 
code K stored in the terminal T and an algorithm FTW. 
This first terminal code KTl corresponds to the first 

25 chip card code KCl stored in the chip card CHK. 

In the terminal T, a first random number VI is 
generated and transmitted to the chip card CHK. Both in 
the chip card CHK and in the terminal T, first acknow- 
ledgement parameters APCl, APTl are then calculated. 

30 This takes place on the chip card CHK side with the aid 
of the first random number VI, the first chip card 
code KCl and a first chip card function FCX. The first 
chip card function FCX corresponds to a first terminal 
function FTX. 

35 The terminal T calculates a first terminal 

acknowledgement parameter APTl with the aid of the first 
random number VI, the first terminal code KTl and the 
first terminal function FTX. The first chip card acknow- 
ledgement parameter APCl, calculated by the chip 
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card CHK, is transmitted to the terminal T and compared 
there with the first terminal acknowledgement para- 
meter APTl. In the case of a negative comparison result, 
the method is abnormally terminated, since then the chip 
5 card CHK is not authentic. 

Before the authenticity of the terminal T is 
then also checked with respect to the chip card CHK, the 
chip card CHK calculates a second chip card code KC2 and 
the terminal T calculates a second terminal code KT2. In 

10 the chip card CHK, this takes place after transmitting 
identity characteristics ID, assigned to the terminal T, 
to the chip card CHK. The chip card CHK forms the second 
chip card code KC2 from the identity characteristics ID 
and the first chip card code KCl with the aid of a 

15 second chip card function FCY. The terminal T determines 
the second terminal code KT2 from the identity 
characteristics ID, the first terminal code KTl and a 
second terminal function FTY. The second chip card 
function FCY and the second terminal function FTY are 

20 identical. 

The identity characteristics ID assigned to the 
terminal T are a security 'identity characteristic SID, a 
terminal identity characteristic TID and an application 
identity characteristic AID. The security identity 

25 characteristic SID uniquely designates a specific secur- 
ity module. The terminal identity characteristic TID 
. uniquely designates a specific terminal T. Similarly, 
the application identity characteristic AID uniquely 
designates a specific, currently running application. 

30 The second codes KC2, KT2 in the chip card CHK and in 
the terminal T accordingly change if the application is 
changed, if a different security module is integrated 
into the terminal T, or if a connection is made to a 
different terminal T. 

35 Before the identity characteristic ID is trans- 

mitted from the terminal T to the chip card CHK, this 
identity characteristic ID can be additionally safe- 
guarded with the aid of a "Message Authentif ication 
[sic] Code". 



For the authentication of the terminal T with 
respect to the chip card CHK, the chip card CHK then 
generates a second random number V2 and transmits it to 
the terminal T. The terminal T calculates a second 
5 terminal acknowledgement parameter APT2 with the aid of 
a third terminal function FTZ, the second terminal 
code KT2 and the second random number V2 and transmits 
it to the chip card CHK, The chip card calculates a 
second chip card acknowledgement parameter APC2 from the 

10 second chip card code KC2, the second random number V2 
and a third chip card function FCZ. The second 
acknowledgement parameters AP2 are compared in the chip 
card CHK. In the case of a positive comparison result, 
the identity characteristics ID are transmitted from the 

15 chip card CHK to the terminal T and indicated with the 
aid of the indicating unit DISP of the terminal T. This 
indication takes place in the form of an information 
item representing the identity characteristics ID. This 
infomation item - for example a specific word - is 

20 uniquely assigned the triplet comprising security 
identity characteristic SID, terminal identity 
characteristic TID and application identity 
characteristic AID. If the chip card user recognizes 
this word as correct, then for him the terminal T is 

25 objectively authentic. 

The notification of the result of the authen- 
ticity check may, however, also take place directly 
through the chip card CHK. A precondition for this is 
that the chip card has an indicating unit DISP, such as 

30 for example light-emitting diodes, an acoustic signal 
generator, which for example is able to emit specific 
sound sequences, or a liquid-crystal display. 

With the indication of the information item 
representing the identity characteristics ID, the indi- 
,35 eating unit DISP is enabled again for the indication of 
other items of information. If an acknowledgement of the 
indicated identity characteristics ID by the chip card 
user is envisaged, the enabling of the indicating 
unit DISP does not take place until after this acknowledgement. 
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